Creating strong passwords (and passphrases) in six easy steps

Why should you care? Because last year InformationWeek reported that simple passwords created using short, simple key sequences can be easily cracked:

"For example, a lowly P3 PC running a widely available cracking tool at just 500 MHz was able to guess the password "ChEcK12" in only 26 seconds; and today's top-of-the-line PCs could perform the same crack almost instantly. (For more examples of just how quickly simple password techniques like this can be bypassed, see this page from McMaster University). It's scary stuff."

5. Finally, substitute some special characters and symbols for common letters.

And last: Step 6. When you're done, you can test your new password with Password Checker, a non-recording feature the Microsoft.Com site that tests the strength of your as you type.

I like the suggestion of using a passphrase which when used as a password is as long as the phrase is in number of characters. As the Wiki notes, passphrases are usually longer than a password, with 20 to 30 characters typical of many passphrases, "making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary."

So, passphrase of "MydogSpotisblackandwhite" may be better than "mydogspot." Again, InformationWeek suggests that passphrases can be more secure "because they're made of a series of words rather than totally random characters, they're much easier to remember than conventional passwords of similar length."